« 讀書心得-老闆不在:可別好自在 | 回到主頁面 | 不變態了~~ 去養驢子吧 »

April 09, 2007

Some interest thing about UAC


將此網頁加入【百度收藏】... 加入此網頁到【del.icio.us 書籤】 technorati

Windows Vista

There are some interesting thing which I tried to understand the different UAC behavior with Vista verion #5XXX with RTM version.

  1. How to not store file in virtual store when UAC is turn on?
    Ans: Use trust info in your manifest info. It can announce UAC not to use virtual store(Virtual Store Redirection was implemented to maximise compatibility of applications moving into the more secure Windows Vista environment without the need to recompile application code).

    What if you don't want to save file in virtual store when your privilege is not administrator? (Just let don't let user to write file in such C:\Program Files; C:\; C:\Windows ... etc)

    If you add follow code in you manifest, virtual store will be disable.
    <security>
     <requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
     </requestedPrivileges>
    </security>

    For this case, you should add trust infomation in your manifest file which like (Require Administrator/As Invoker). You can refer this article for more detail.

  2. Don't use MT.exe to link manifest resource in your .exe and .dll
    Ans: As I found trust information about manifest file in Microsoft Forum.  This discussion thread also suggest us not to use MT.exe to link manifest information in your .exe and .dll, since there might a bug from Microsoft which will cause Blue screen (Yes,!!  Blue God damn screen.) or freeze in your computer.

    It will happen when your manifest information contain

    <ms_asmv3:trustInfo xmlns:ms_asmv3="urn:schemas-microsoft-com:asm.v3">

    For more information, you can refer this article(The computer may restart when you add a manifest that has the Windows Vista extension to an .exe file or to a .dll file in Windows XP Service Pack 2 (SP2)). It is better to use ThemeMe.exe  to link it.

  3. Does UAC really safe for us?
    Ans: There is also an interesting news which Symantec: Don't Trust Windows Vista UAC Prompts!. This news show, Symantec found Microsoft can use RunLegacyCPLElevated.exe(Which is designed to provide backward compatibility by allowing legacy Windows Control Panel plug-ins to run with full administrative privileges.) to get full  administration privilege to call interface "CPlApplet", which is then called with a number of different parameters depending on the action being performed.


下一代微軟視窗系統的相關問題

由 Evan 發表於 April 09, 2007 將此網頁加入【百度收藏】... 加入此網頁到【del.icio.us 書籤】 technorati
引用
本文的引用網址:


以下是前來引用的連結 'Some interest thing about UAC' 來自 Blog E
迴響
發表迴響









記住我的資訊?




(請輸入以下的驗證碼)